CN102103539A - Z-specification-based test case generating method - Google Patents

Z-specification-based test case generating method Download PDF

Info

Publication number
CN102103539A
CN102103539A CN 201110059216 CN201110059216A CN102103539A CN 102103539 A CN102103539 A CN 102103539A CN 201110059216 CN201110059216 CN 201110059216 CN 201110059216 A CN201110059216 A CN 201110059216A CN 102103539 A CN102103539 A CN 102103539A
Authority
CN
China
Prior art keywords
test
test cases
code
test case
input
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 201110059216
Other languages
Chinese (zh)
Inventor
李晓红
杜志杰
李衍法
冯志勇
陈世展
于永新
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin University
Original Assignee
Tianjin University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin University filed Critical Tianjin University
Priority to CN 201110059216 priority Critical patent/CN102103539A/en
Publication of CN102103539A publication Critical patent/CN102103539A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Debugging And Monitoring (AREA)

Abstract

本发明涉及数据处理、测试。为实现高效、准确的对测量对象进行测试,本发明采用的技术方案是,基于Z规格的测试方法,包括下列步骤:1、用Z语言来描述一个软件系统的规格说明,使形式化方法的描述准确,没有二义性的优势得到充分发挥;2.从Z语言的基本模块模式的谓词部分中生成前置条件,同时保证模块的完整性以及前置条件的无冗余性;3.根据得到的前置条件,采用合适的算法,生成可用的而且覆盖率高的测试用例;4.通过对代码的检测,验证用户的代码是否符合我们对程序的预期,并通过比较目标代码输出与已经得到的测试用例的输出是否相同,给出一个相应的测试报告。本发明主要应用于数据处理、测试。

Figure 201110059216

The invention relates to data processing and testing. In order to realize efficient and accurate testing of the measurement object, the technical solution adopted in the present invention is a testing method based on the Z specification, which includes the following steps: 1. Use the Z language to describe the specification of a software system, so that the formal method The advantages of accurate description and no ambiguity are fully utilized; 2. Generate preconditions from the predicate part of the basic module pattern of Z language, while ensuring the integrity of the module and the non-redundancy of preconditions; 3. According to The obtained preconditions are used to generate usable and high-coverage test cases by using an appropriate algorithm; 4. Through code detection, verify whether the user's code meets our expectations for the program, and compare the output of the target code with the already Whether the output of the obtained test case is the same, give a corresponding test report. The invention is mainly applied to data processing and testing.

Figure 201110059216

Description

基于Z规格的测试用例生成方法A Test Case Generation Method Based on Z-Specification

技术领域technical field

本发明涉及数据处理、测试,具体讲涉及基于Z规格的测试用例生成方法。The invention relates to data processing and testing, in particular to a method for generating test cases based on Z specification.

背景技术Background technique

随着计算机和互联网的普及,软件已经成为信息时代资源获得和利用的重要载体。在这种形势下,软件的安全就成为各项工作正常、高效进行的重要保障。但是,软件不是天生安全的,而解决软件安全问题的根本方法就是改善我们建造软件的方式,即在构建软件的过程中,将安全性作为一个重要的因素考虑,使其成为软件开发各个阶段的一个重点。软件测试是软件开发的一个重要的阶段。而测试用例,即测试数据的生成是软件测试中的一个重要内容,测试用例的质量直接关系到测试效果的质量。因此,测试用例的生成是测试工作的核心。With the popularity of computers and the Internet, software has become an important carrier for resource acquisition and utilization in the information age. In this situation, software security has become an important guarantee for the normal and efficient operation of various tasks. However, software is not inherently secure, and the fundamental way to solve software security problems is to improve the way we build software, that is, to consider security as an important factor in the process of building software, making it a key factor in all stages of software development. an important point. Software testing is an important stage of software development. The test case, that is, the generation of test data is an important content in software testing, and the quality of the test case is directly related to the quality of the test effect. Therefore, the generation of test cases is the core of testing work.

为了对软件的规格说明进行准确的描述,从而为软件测试用例的生成提供良好的基础,形式化方法应运而生并得以应用。In order to describe software specifications accurately and provide a good foundation for the generation of software test cases, formal methods emerged and were applied.

形式化方法克服了采用自然语言描述规格说明时造成的模糊性、歧义性和不完整性。它是基于数学方法来描述目标软件系统性能的一门技术,用严格的数学符号和数学法则对目标软件系统的结构与行为进行有效的综合分析和推理。它为系统的说明,开发和验证提供了一个框架,以利于发现目标软件系统需求中的不一致性,不完整性等情况。用形式化开发软件,能够提高软件系统的正确性和可靠性,并且能够提高软件开发的效率。Formal methods overcome the ambiguity, ambiguity, and incompleteness caused by describing specifications in natural language. It is a technology based on mathematical methods to describe the performance of the target software system, and uses strict mathematical symbols and mathematical rules to conduct effective comprehensive analysis and reasoning on the structure and behavior of the target software system. It provides a framework for the description, development and verification of the system, so as to facilitate the discovery of inconsistencies and incompleteness in the requirements of the target software system. Developing software formally can improve the correctness and reliability of the software system, and improve the efficiency of software development.

Z规格是目前适用范围最广的一种规格说明方法。它是基于一阶谓词逻辑和集合论的形式规格说明语言,由于其采用了严格的数学理论,可以产生简明,精确,无歧义且可证明的规格说明。同其他规格说明语言相比,Z语言一个主要的特点是可以对Z规格说明进行推理和证明。The Z specification is currently the most widely applicable specification method. It is a formal specification language based on first-order predicate logic and set theory. Due to its rigorous mathematical theory, it can produce concise, precise, unambiguous and provable specifications. Compared with other specification languages, one of the main features of the Z language is that it can reason and prove the Z specification.

目前未见基于Z规格的测试用例生成方法报道。At present, there is no report on the test case generation method based on the Z specification.

发明内容Contents of the invention

为克服现有技术的不足,实现高效、准确的对测量对象进行测试,本发明采用的技术方案是,基于Z规格的测试用例生成方法,包括下列步骤:In order to overcome the deficiencies of the prior art and realize efficient and accurate testing of the measurement object, the technical solution adopted in the present invention is a method for generating test cases based on the Z specification, comprising the following steps:

1、用Z语言来描述一个软件系统的规格说明,使形式化方法的描述准确,没有二义性的优势得到充分发挥;1. Use the Z language to describe the specification of a software system, so that the description of the formal method is accurate and the advantages of no ambiguity can be fully utilized;

2.从Z语言的基本模块模式的谓词部分中生成前置条件,同时保证模块的完整性以及前置条件的无冗余性;2. Generate preconditions from the predicate part of the basic module pattern of Z language, while ensuring the integrity of the module and the non-redundancy of preconditions;

3.根据得到的前置条件,采用合适的算法,生成可用的而且覆盖率高的测试用例;3. According to the obtained preconditions, use a suitable algorithm to generate available test cases with high coverage;

4.通过对代码的检测,验证用户的代码是否符合对程序的预期,并通过比较目标代码输出与已经得到的测试用例的输出是否相同,给出一个相应的测试报告。4. Verify whether the user's code meets the expectations of the program through code detection, and give a corresponding test report by comparing the output of the target code with the output of the test case that has been obtained.

所述生成可用的而且覆盖率高的测试用例包括下列步骤:首先,对测试用例的等价类进行划分;然后,按照分类的不同,从不同的领域中选取测试用例;最后进行测试用例的汇总。The test cases that are available and have a high coverage rate are generated include the following steps: first, the equivalence classes of the test cases are divided; then, according to the different classifications, the test cases are selected from different fields; finally, the test cases are summarized .

生成可用的而且覆盖率高的测试用例具体为:Generate usable and high-coverage test cases specifically as follows:

已知op_ClientEncode,是一个方法的名称,表示在网上进行数据交互活动时客户端的加密过程,通过输入不同长度的字符串来测试此方法是否正常工作,其生成的原始测试用例如表1所示。It is known that op_ClientEncode is the name of a method, which indicates the encryption process of the client when performing data interaction activities on the Internet. By inputting strings of different lengths to test whether this method works normally, the original test examples generated by it are shown in Table 1.

表1测试用例的原始列表Table 1 The original list of test cases

  输入数据 Input data   输出数据 Output Data   ‘’''   7215ee9c7d9dc229d2921a40e899ec5f7215ee9c7d9dc229d2921a40e899ec5f   ‘a’'a'   0cc175b9c0f1b6a831c399e2697726610cc175b9c0f1b6a831c399e269772661   ‘b’'b'   92eb5ffee6ae2fec3ad71c777531578f92eb5ffee6ae2fec3ad71c777531578f   ‘c’'c'   4a8a08f09d37b73795649038408b5f334a8a08f09d37b73795649038408b5f33   ‘d’'d'   8277e0910d750195b448797616e091ad8277e0910d750195b448797616e091ad   ‘e’'e'   e1671797c52e15f763380b45e841ec32e1671797c52e15f763380b45e841ec32    ......   ......   ‘ab’'ab'   187ef4436122d1cc2f40dc2b92f0eba0187ef4436122d1cc2f40dc2b92f0eba0    ......   ......

(1)对测试用例的等价类进行划分:(1) Divide the equivalence classes of the test cases:

本着等价类划分的原则,将表1中的测试用例等价类划分为三个,分别是:输入为空字符;输入只有一个字符和输入有多个字符;Based on the principle of equivalence class division, the test case equivalence classes in Table 1 are divided into three, namely: the input is an empty character; the input has only one character and the input has multiple characters;

(2)从不同的领域中选取测试用例:(2) Select test cases from different fields:

从三个不同的测试用例等价类中分别选出一个测试用例:‘’;‘a’;‘abcdefghigklmn’;Select a test case from each of three different test case equivalence classes: ''; 'a'; 'abcdefghigklmn';

(3)进行测试用例的汇总;(3) Summary of test cases;

前述步骤(2)中选取的测试用例,可生成可用的且覆盖率高的测试用例,其结果如表2所示:The test cases selected in the aforementioned step (2) can generate available and high-coverage test cases, and the results are shown in Table 2:

表2经过化简的测试用例列表Table 2 Simplified list of test cases

  输入数据 Input data   输出数据 Output Data   ‘’''   7215ee9c7d9dc229d2921a40e899ec5f7215ee9c7d9dc229d2921a40e899ec5f

  ‘a’'a'   0cc175b9c0f1b6a831c399e2697726610cc175b9c0f1b6a831c399e269772661   ‘abcdefghigklmn’'abcdefghigklmn'   5fdddbca10d5f9ff15178e1b3e86f2cb5fdddbca10d5f9ff15178e1b3e86f2cb

本发明具有如下技术效果:The present invention has following technical effect:

Z规格预编辑部分通过利用Z/EVES这一工具,完成了对Z规格模式的编写,并可对Z规格进行解析,语法检测,域检测,及谓词推理,公式证明等。为接下来的Z规格预处理部分的工作提供了输入信息,Z规格预处理部分主要完成对Z规格的化简,它是软件测试用例生成的基础。测试用例的生成是测试工作的核心,而测试用例的生成部分正是用于完成这一核心工作。它通过提供的接口得到指定模式的前置条件数据,然后按等价类划分的准则,生成具有高覆盖率且精简的测试用例。代码验证及报告生成部分将测试用例输入到用户代码中,并通过将方法的名字和文件的位置作为参数,实现了对代码的实际检测这一过程。并将测试报告返回给用户。The pre-editing part of the Z specification uses the tool Z/EVES to complete the writing of the Z specification schema, and can perform analysis, syntax detection, domain detection, predicate reasoning, formula proof, etc. on the Z specification. It provides the input information for the following work of the Z specification preprocessing part. The Z specification preprocessing part mainly completes the simplification of the Z specification, which is the basis for the generation of software test cases. The generation of test cases is the core of testing work, and the part of test case generation is used to complete this core work. It obtains the precondition data of the specified mode through the provided interface, and then generates high-coverage and streamlined test cases according to the criterion of equivalence class division. The code verification and report generation part inputs the test case into the user code, and realizes the process of actual detection of the code by using the method name and the location of the file as parameters. And return the test report to the user.

通过以上四个部分的协调工作,用户可以进行对系统的Z规格描述,并对此Z规格进行初步的分析,利用分析结果自动或者半自动地生成测试用例,并对测试用例进行进一步简化。最终获取用户的真实工程代码,进而将测试用例输入代码当中,完成对代码的测试,找到软件中存在的漏洞和缺陷。从而提高软件开发的效率和安全系数。Through the coordination of the above four parts, the user can describe the Z specification of the system, conduct a preliminary analysis of the Z specification, use the analysis results to automatically or semi-automatically generate test cases, and further simplify the test cases. Finally, the user's real engineering code is obtained, and then the test cases are input into the code to complete the code test and find the loopholes and defects in the software. Thereby improving the efficiency and safety factor of software development.

附图说明Description of drawings

图1测试用例生成及代码验证模块示意图。Figure 1 Schematic diagram of test case generation and code verification module.

图2Z/EVES编辑示例图。Figure 2 Z/EVES edited example diagram.

图3Z规则化简示意图。Fig. 3Z schematic diagram of rule simplification.

图4代码验证及测试报告生成流程图。Figure 4 is a flow chart of code verification and test report generation.

具体实施方式Detailed ways

本发明的目的在于以Z规格为基础,利用其描述准确,没有二义性的优点,对目标软件的性能进行描述,通过对Z规格进行研究,将其中出现的数据类型进行分析,并利用分析结果生成测试用例,最后通过代码验证平台予于验证并给出测试报告。从而提高软件测试的效率、精确性及安全性。具体来讲,包括以下几个方面:The purpose of the present invention is to describe the performance of the target software based on the Z specification, using its advantages of accurate description and no ambiguity, and analyze the data types appearing in it by studying the Z specification, and use the The test case is generated as a result, and finally verified by the code verification platform and a test report is given. Thereby improving the efficiency, accuracy and security of software testing. Specifically, it includes the following aspects:

1.用Z语言来描述一个软件系统的规格说明,同时保证其正确性。使形式化方法的描述准确,没有二义性的优势得到充分发挥;1. Use Z language to describe the specification of a software system while ensuring its correctness. Make the description of the formal method accurate and the advantage of no ambiguity be fully utilized;

2.从Z语言的基本模块模式的谓词部分中生成前置条件,同时保证模块的完整性以及前置条件的无冗余性。2. Generate the preconditions from the predicate part of the basic module pattern of the Z language, while ensuring the integrity of the module and the non-redundancy of the preconditions.

3.根据得到的前置条件,采用合适的算法,生成可用的而且覆盖率高的测试用例。3. According to the obtained preconditions, use a suitable algorithm to generate usable and high-coverage test cases.

4.通过对代码的检测,验证用户的代码是否符合我们对程序的预期。并通过比较目标代码输出与已经得到的测试用例的输出是否相同,给出一个相应的测试报告。4. Through code detection, verify whether the user's code meets our expectations for the program. And by comparing the output of the target code with the output of the test cases that have been obtained, a corresponding test report is given.

针对上述目的、目标,本发明提出的基于Z规格的软件测试用例生成大致分为四个部分:Z规格的编辑部分、Z规格预处理部分、测试用例生成部分和代码验证及报告生成部分,如附图1所示。首先要对Z规格进行编辑、检测,并将此Z规格进行简化和其他预处理。接着,利用简化后的Z规格和一些预定义好的规则,可以生成测试用例,并根据等价类划分的原则,对这些测试用例进行化简,得到测试用例最简化集。最后,将测试用例输入到用户提供的目标代码当中,进行检测,并最终生成测试报告,返回给用户。For above-mentioned purpose, target, the software test case generation based on Z specification that the present invention proposes is roughly divided into four parts: the editing part of Z specification, Z specification preprocessing part, test case generation part and code verification and report generation part, such as As shown in Figure 1. Firstly, the Z specification should be edited and detected, and the Z specification should be simplified and preprocessed. Then, using the simplified Z specification and some predefined rules, test cases can be generated, and these test cases can be simplified according to the principle of equivalence class division to obtain the most simplified set of test cases. Finally, input the test case into the object code provided by the user, perform detection, and finally generate a test report and return it to the user.

1.Z规格的编辑:Z规格是对软件的功能的描述,同时也给出了他们对软件性能的限制。在本发明的研究中,主要是使用了Z/EVES这一工具,用它可以方便地编写Z规格模式。它也是分析Z规格的有效工具,可以用来对Z规格进行解析,语法检测,域检测,并且可以进行谓词推理,公式证明等等。用户可以直接在Z/EVES里面对Z规格进行编辑,其编辑界面如附图2所示。1. Editing of Z specifications: Z specifications describe the functions of the software, and also give their limitations on software performance. In the research of the present invention, mainly use Z/EVES this tool, can write Z standard mode conveniently with it. It is also an effective tool for analyzing Z-specs, which can be used for parsing, grammar detection, domain detection, predicate reasoning, formula proof, etc. Users can directly edit the Z specification in Z/EVES, and the editing interface is shown in Figure 2.

2.Z规格的预处理:这一阶段主要是完成对Z规格的初步扫描,进行一些预处理工作。本部分的主要工作内容包括对Z规格中Z特有的数据类型的声明的处理,对复杂的数据类型的声明的处理,还有对方法的声明的处理,对Z规则进行化简等,如附图3所示。2. Preprocessing of the Z specification: This stage is mainly to complete the preliminary scanning of the Z specification and perform some preprocessing work. The main work content of this part includes the processing of Z-specific data type declarations in the Z specification, the processing of complex data type declarations, the processing of method declarations, and the simplification of Z rules, etc., as shown in the attached Figure 3 shows.

3.测试用例的生成:测试用例,即测试数据的生成,是软件测试中的一个重要内容。此模块的功能是针对得到的模式前置条件,利用提出的测试用例生成算法,完成测试用例的生成。首先,通过提供的接口得到指定模式的前置条件数据,然后等价类划分的准则,生成具有高覆盖率且精简的测试用例。3. Generation of test cases: Test cases, that is, the generation of test data, is an important content in software testing. The function of this module is to use the proposed test case generation algorithm to complete the generation of test cases according to the obtained pattern preconditions. First, the precondition data of the specified mode is obtained through the provided interface, and then the criterion of equivalence class division is used to generate high-coverage and streamlined test cases.

4.代码验证及报告的生成:此部分是实际检测代码的部分。主要工作是验证用户的代码是否符合我们对程序的预期,并给出一个测试报告。其过程包含了四个部分:测试用例输入、代码验证平台、结果比较和生成测试报告。它们的功能分别是:利用上一步生成的测试数据,并将其输入部分单独提取出来,作为对目标代码的输入部分;调用测试用例的输入部分,并且通过所调用的方法的名字和路径找到需要测试的目标代码;比较目标代码输出与已经得到的测试用例的输出是否相同,并对不同的项进行记录;如果比较结果相同,则给出测试通过的报告,反之,给出测试失败的结论,并将测试失败的实验数据进行汇总,返回给用户。测试报告生成流程图如附图4所示。4. Code verification and report generation: This part is the part that actually detects the code. The main job is to verify whether the user's code meets our expectations for the program, and give a test report. The process includes four parts: test case input, code verification platform, result comparison and test report generation. Their functions are: use the test data generated in the previous step, and extract its input part separately as the input part of the target code; call the input part of the test case, and find the required method through the name and path of the called method. The target code of the test; compare whether the output of the target code is the same as the output of the test case that has been obtained, and record the different items; if the comparison results are the same, a report of the test passing is given; otherwise, the conclusion of the test failure is given, Summarize the experimental data that failed the test and return it to the user. The flow chart of test report generation is shown in Figure 4.

下面以一实例来说明本发明的应用。An example is used below to illustrate the application of the present invention.

一.对目标软件性能进行Z规格描述1. Z specification description of target software performance

图1所示的Z规格描述了在网上进行数据交互时,服务器和客户端所需要满足的安全约束。The Z specification shown in Figure 1 describes the security constraints that the server and the client need to satisfy when exchanging data on the Internet.

Figure BDA0000049919560000041
Figure BDA0000049919560000041

Figure BDA0000049919560000051
Figure BDA0000049919560000051

以上数据为图1的Z规格描述的数据声明部分。The above data is the data declaration part of the Z specification description in Figure 1.

二.对Z规格进行预处理2. Preprocessing the Z specification

1.对上述的Z规格进行分析1. Analyze the above Z specification

(1)对数据类型的声明。(1) Declaration of the data type.

也就是对Resource,EventType,Bool,BlackList_SQL,User以及DB的声明。其中,Resource,EventType和Bool只是简单的枚举类型,而DB和User则是复合类型。我们的第一步工作就是要扫描Z规格,得到对这些数据类型的声明,并且写进数据库,或者对其进行相应的提前处理,为下一步的工作做好准备。That is, the declaration of Resource, EventType, Bool, BlackList_SQL, User and DB. Among them, Resource, EventType and Bool are just simple enumerated types, while DB and User are composite types. Our first step is to scan the Z specification, get the declaration of these data types, and write it into the database, or process it in advance to prepare for the next step.

(2)对函数的声明。(2) Declaration of the function.

在此Z规格中,就是对函数md5的声明。如下公式所示。在扫描这些类型的数据时,我们需要用户提供其相应的函数的定义的真实代码,并将这些函数名字和定义代码一起写进数据库,供后期使用。比如此处,应该提供用于md5的实现代码,以备生成测试用例时使用。In this Z specification, it is the declaration of the function md5. as shown in the following formula. When scanning these types of data, we need the user to provide the real code of the definition of the corresponding function, and write the function name and definition code into the database for later use. For example, here, the implementation code for md5 should be provided for use when generating test cases.

md5:seq Char→seq Charmd5: seq Char → seq Char

2.对上述Z规格进行化简2. Simplify the above Z specification

这是对需要我们检测的Z规格的方法实现部分,也是我们工作的重点。其中,op_ClicentEncode说明的客户端加密过程,op_Validate表示的是服务器端安全验证过程。op_Authenticate表示的是服务器端身份验证过程。因为这些过程都没有出现后状态变量,所以可以直接使用生成析取范式的算法,将对方法描述的Z规格化解成析取范式形式。This is the implementation part of the method for the Z specification that we need to detect, and it is also the focus of our work. Among them, op_ClientEncode describes the client encryption process, and op_Validate represents the server-side security verification process. op_Authenticate represents the server-side authentication process. Because there are no post-state variables in these processes, the algorithm for generating disjunctive normal forms can be directly used to resolve the Z normalization of the method description into disjunctive normal form.

(1)对op_ClientEncode方法进行析取范式化简可知,因为其谓词部分只有一个表达式,故其析取范式也只有一项,所以其最终形式就是:(1) Simplify the disjunctive paradigm of the op_ClientEncode method, because there is only one expression in its predicate part, so its disjunctive paradigm has only one item, so its final form is:

output!=md5 input?output! = md5 input?

(2)对op_Validate的化简,可以得到:(2) The simplification of op_Validate can be obtained:

Figure BDA0000049919560000061
Figure BDA0000049919560000061

Figure BDA0000049919560000062
Figure BDA0000049919560000062

Figure BDA0000049919560000063
Figure BDA0000049919560000063

(3)对op_Authenticate进行化简,可以得到其析取范式为,如下式所示:(3) Simplify op_Authenticate to obtain its disjunctive paradigm, as shown in the following formula:

Figure BDA0000049919560000065
Figure BDA0000049919560000065

Figure BDA0000049919560000066
Figure BDA0000049919560000066

Figure BDA0000049919560000067
Figure BDA0000049919560000067

Figure BDA0000049919560000068
Figure BDA0000049919560000068

三.测试用例的生成3. Generation of test cases

对非数字类型的测试点的选取和数字类型数据的测试点的选取思路基本是一样的。首先是对测试用例的等价类进行划分,然后按照分类的不同,从不同的领域中选取测试用例,最后进行测试用例的汇总。The selection of non-digital type test points is basically the same as the selection of digital type data test points. Firstly, it divides the equivalence classes of test cases, then selects test cases from different fields according to different classifications, and finally summarizes the test cases.

对上述例子的测试用例的选取,我们可以得到如下的结果:For the selection of test cases in the above example, we can get the following results:

1.op_ClientEncode:1.op_ClientEncode:

其中,对MD5算法,我们需要用户提供对这个方法的源代码。假设库中已经有了这个方法的源代码。其Z规格的约束非常少,故我们可以通过输入不同长度的字符串来测试此方法是否正常工作。其生成的测试用例如表1所示(假设使用的MD5算法为32位的,并且生成的字母均为小写)。原始测试用例的数量非常庞大,因为程序会对所有字母的组合进行测试用例的生成。Among them, for the MD5 algorithm, we need the user to provide the source code for this method. Assume that the source code for this method already exists in the library. Its Z specification has very few constraints, so we can test whether this method works correctly by entering strings of different lengths. The generated test cases are shown in Table 1 (assuming that the MD5 algorithm used is 32 bits, and the generated letters are all lowercase). The number of original test cases is very large, because the program will generate test cases for all combinations of letters.

表1测试用例的原始列表Table 1 The original list of test cases

  输入数据 Input data   输出数据 Output Data   ‘’''   7215ee9c7d9dc229d2921a40e899ec5f7215ee9c7d9dc229d2921a40e899ec5f   ‘a’'a'   0cc175b9c0f1b6a831c399e2697726610cc175b9c0f1b6a831c399e269772661   ‘b’'b'   92eb5ffee6ae2fec3ad71c777531578f92eb5ffee6ae2fec3ad71c777531578f   ‘c’'c'   4a8a08f09d37b73795649038408b5f334a8a08f09d37b73795649038408b5f33   ‘d’'d'   8277e0910d750195b448797616e091ad8277e0910d750195b448797616e091ad   ‘e’'e'   e1671797c52e15f763380b45e841ec32e1671797c52e15f763380b45e841ec32    ......   ......   ‘ab’'ab'   187ef4436122d1cc2f40dc2b92f0eba0187ef4436122d1cc2f40dc2b92f0eba0 ...... ......

本着等价类划分的原则,我们只需要选取其中的三个测试用例,即可以测试所有的情况。分别是:输入为空字符(判断是否对特殊字符做了处理);输入只有一个字符(输入字符长度最短的情况)和输入有多个字符(输入长度大于一的情况)。经过简化的测试用例列表如表2所示。Based on the principle of equivalence class division, we only need to select three of the test cases to test all the cases. They are: the input is an empty character (judging whether special characters have been processed); the input has only one character (the case where the length of the input character is the shortest) and the input has multiple characters (the case where the length of the input is greater than one). The simplified test case list is shown in Table 2.

表2经过化简的测试用例列表Table 2 Simplified list of test cases

  输入数据 Input data   输出数据 Output Data   ‘’''   7215ee9c7d9dc229d2921a40e899ec5f7215ee9c7d9dc229d2921a40e899ec5f   ‘a’'a'   0cc175b9c0f1b6a831c399e2697726610cc175b9c0f1b6a831c399e269772661

  ‘abcdefghigklmn’'abcdefghigklmn'   5fdddbca10d5f9ff15178e1b3e86f2cb5fdddbca10d5f9ff15178e1b3e86f2cb

2.op_Validate:2. op_Validate:

根据其Z规格的描述,生成的原始测试用例同样数量巨大。其中,为了测试用例说明的完整性,在此处将pattern的取值也一并列了出来,但是pattern并不是测试用例的一部分,它是程序运行过程中的中间变量。According to the description of its Z specification, the number of raw test cases generated is also huge. Among them, for the completeness of the test case description, the value of pattern is also listed here, but pattern is not part of the test case, it is an intermediate variable during the running of the program.

表3测试用例的原始列表Table 3 The original list of test cases

  Input!Input!   Patternpattern   Output!Output!   ‘‘''   ‘‘''   Truetrue   aa   aa   TrueTrue   AbAb   AA   Truetrue   AbAb   BB   TrueTrue   AbAb   AbAb   Truetrue   ......   ......   ......   Storestore   SS   TrueTrue   ......   ......   ......   Storestore   Storestore   FalseFalse   ......   ......   ......   abcStoreabcStore   AA   Truetrue   abcStoreabcStore   BB   Truetrue   ......   ......   ......   AbcStoreAbcStore   Storestore   FalseFalse   ......   ......   ......

对其利用等价类的划分原则进行化简之后,可以得到如下的少量测试用例:After simplifying the division principle using equivalence classes, a small number of test cases can be obtained as follows:

表4经过化简的测试用例列表Table 4 Simplified list of test cases

  Input?Input?   Output!Output!

  ‘‘''   Truetrue   AA   Truetrue   Storestore   FalseFalse   aStoreaStore   FalseFalse

其中第一个测试用例是对空输入的处理,看代码是否能正常运行。第二个测试用例是对只有单个字符的处理情况;第三个测试用例是测试如果输入数据本身就是SQL注入的威胁语句,系统是否能检查出来;The first test case is the handling of empty input to see if the code can run normally. The second test case is the processing of only a single character; the third test case is to test whether the system can check if the input data itself is a threat statement of SQL injection;

3.op_Authenticate:3. op_Authenticate:

此测试用例是生成需要借助数据库里面的数据,其中User是存放在数据库里面的用户名和密码两个元素的集合。假设数据库里面已经有User表,其中存在数据:userName:mary;enPassword:123456。则生成是原始的测试用例如表5所示。This test case is to generate data that needs to be used in the database, where User is a collection of two elements stored in the database, the user name and password. Suppose there is already a User table in the database, which contains data: userName: mary; enPassword: 123456. Then the original test cases are generated as shown in Table 5.

表5测试用例的原始列表Table 5 The original list of test cases

  UsernameUsername   enPasswordenPassword   SuccessSuccess   ‘‘''   ‘‘''   FalseFalse   aa   aa   FalseFalse   bb   aa   FalseFalse   ......   ......   ......   AbAb   AbAb   FalseFalse   ....   ......   ......   MaryMary   123456123456   Truetrue   ......   ......   ......

对其利用等价类的划分原则进行化简之后,可以得到如表6所示的少量测试用例:After simplifying the division principle using equivalence classes, a small number of test cases can be obtained as shown in Table 6:

表6经过化简的测试用例列表Table 6 Simplified list of test cases

  UsernameUsername   enPasswordenPassword   SuccessSuccess   ‘‘''   ‘‘''   FalseFalse

  aa   aa   FalseFalse   abab   abab   FalseFalse   MaryMary   123123   FalseFalse   TomTom   123456123456   FalseFalse   MaryMary   123456123456   Truetrue

其中,第一个测试用例是用来测试对空输入的处理方式,第二个测试用例是测试当输入长度为1时,代码是否正常运行;第三个是测试输入长度大于1时,代码的运行情况。第四个测试用例是测试如果用户名正确而密码错误,系统的反应;第五个测试用例是测试用户名错误而密码正确的情况;最后一个测试用例是测试用户名和密码都正确,代码是否有正确的返回值。Among them, the first test case is used to test the processing method for empty input, the second test case is to test whether the code runs normally when the input length is 1; the third test case is to test the code when the input length is greater than 1 operating conditions. The fourth test case is to test the response of the system if the user name is correct and the password is wrong; the fifth test case is to test the situation where the user name is wrong and the password is correct; the last test case is to test whether the user name and password are correct and whether the code has correct return value.

同时,我们也对此测试方法进行了横向的对比,主要对比对象是用Isabelle来穿线测试用例的方式。At the same time, we also conducted a horizontal comparison of this test method. The main comparison object is the way of using Isabelle to thread test cases.

下面是对两者生成的测试用例的数量及其测试效果进行的比对,如表7所示。对比主要涉及两个方面:一是生成的测试用例的数量,二是对我们提前在代码中出现的问题,是否都能通过生成的测试用例查找到。The following is a comparison of the number of test cases generated by the two and their test effects, as shown in Table 7. The comparison mainly involves two aspects: one is the number of generated test cases, and the other is whether the problems that we have appeared in the code in advance can be found through the generated test cases.

表7经过化简的测试用例列表Table 7 Simplified test case list

Figure BDA0000049919560000091
Figure BDA0000049919560000091

四.代码验证及报告生成4. Code verification and report generation

最后,是实际检测代码的部分。我们需要将测试用例输入到用户代码中。此时,我们用方法的名字和文件位置作为参数,实现此过程。下面是针对每个方法进行测试的结果:Finally, comes the part that actually instrumentes the code. We need to input test cases into user code. At this point, we implement the process with the name of the method and the location of the file as parameters. Here are the results of testing for each method:

1.op_ClientEncode的测试结果1. The test result of op_ClientEncode

假设用户的代码如下:Suppose the user's code is as follows:

则由该方法的定义可知,对于我们输入的测试用例,这段代码的返回结果和我们的测试用例的输出应该是一样的。所以,我们对这段代码的测试就会Pass。最终生成顺利通过的报告。From the definition of this method, we can see that for the test case we input, the return result of this code should be the same as the output of our test case. Therefore, our test for this code will pass. Ultimately generate a pass report.

2.op_Validate的测试结果2. The test result of op_Validate

假设其代码如下:Suppose its code is as follows:

Figure BDA0000049919560000093
Figure BDA0000049919560000093

由此代码可知,此代码并没有正确实现其Z规格描述的功能,在用如下这个测试用例测试的时候,系统返回的信息是true,而正确的返回值应该是false,故测试失败。生成下图所示的报告返回给用户:It can be seen from the code that this code does not correctly implement the function described by its Z specification. When using the following test case to test, the information returned by the system is true, and the correct return value should be false, so the test fails. Generate the report shown in the figure below and return it to the user:

Test failed!Test failed!

Test cases are:Test cases are:

1.1.

Input:aSourceInput: aSource

Correct output:FalseCorrect output: False

Current output:TrueCurrent output: True

3.op_Authenticate的测试结果3. The test result of op_Authenticate

假设其代码如下:Suppose its code is as follows:

Figure BDA0000049919560000102
Figure BDA0000049919560000102

其代码的实现完全符合Z规格的描述,且通过测试,发现代码能够正确给出输出,得到的测试报告为顺利通过。The implementation of the code fully conforms to the description of the Z specification, and after passing the test, it is found that the code can give the output correctly, and the obtained test report is passed successfully.

Claims (3)

1.一种基于Z规格的测试用例生成方法,其特征是,包括下列步骤:1. A test case generation method based on Z specification, is characterized in that, comprises the following steps: 一、用Z语言来描述一个软件系统的规格说明,使形式化方法的描述准确,没有二义性的优势得到充分发挥;1. Use the Z language to describe the specification of a software system, so that the description of the formal method is accurate and the advantages of no ambiguity can be fully utilized; 二.从Z语言的基本模块模式的谓词部分中生成前置条件,同时保证模块的完整性以及前置条件的无冗余性;2. Generate preconditions from the predicate part of the basic module pattern of the Z language, while ensuring the integrity of the module and the non-redundancy of the preconditions; 三.根据得到的前置条件,采用合适的算法,生成可用的而且覆盖率高的测试用例;3. According to the obtained preconditions, use a suitable algorithm to generate available test cases with high coverage; 四.通过对代码的检测,验证用户的代码是否符合对程序的预期,并通过比较目标代码输出与已经得到的测试用例的输出是否相同,给出一个相应的测试报告。4. Through code detection, verify whether the user's code meets the expectations of the program, and give a corresponding test report by comparing the output of the target code with the output of the test case that has been obtained. 2.如权利要求1所述的方法,其特征是,生成可用的而且覆盖率高的测试用例包括下列步骤:2. The method according to claim 1, characterized in that generating available and high coverage test cases comprises the following steps: 首先,对测试用例的等价类进行划分;然后,按照分类的不同,从不同的领域中选取测试用例;最后进行测试用例的汇总。First, classify the equivalence classes of test cases; then, select test cases from different fields according to different classifications; finally, summarize the test cases. 3.如权利要求2所述的方法,其特征是,生成可用的而且覆盖率高的测试用例具体为:3. The method according to claim 2, characterized in that generating available and high-coverage test cases is specifically: 已知op_ClientEncode,是一个方法的名称,表示在网上进行数据交互活动时客户端的加密过程,通过输入不同长度的字符串来测试此方法是否正常工作,其生成的原始测试用例如表1所示。It is known that op_ClientEncode is the name of a method, which indicates the encryption process of the client when performing data interaction activities on the Internet. By inputting strings of different lengths to test whether this method works normally, the original test examples generated by it are shown in Table 1. 表1测试用例的原始列表Table 1 The original list of test cases   输入数据 Input data   输出数据 Output Data   ‘’''   7215ee9c7d9dc229d2921a40e899ec5f7215ee9c7d9dc229d2921a40e899ec5f   ‘a’'a'   0cc175b9c0f1b6a831c399e2697726610cc175b9c0f1b6a831c399e269772661   ‘b’'b'   92eb5ffee6ae2fec3ad71c777531578f92eb5ffee6ae2fec3ad71c777531578f   ‘c’'c'   4a8a08f09d37b73795649038408b5f334a8a08f09d37b73795649038408b5f33   ‘d’'d'   8277e0910d750195b448797616e091ad8277e0910d750195b448797616e091ad   ‘e’'e'   e1671797c52e15f763380b45e841ec32e1671797c52e15f763380b45e841ec32    ......   ......   ‘ab’'ab'   187ef4436122d1cc2f40dc2b92f0eba0187ef4436122d1cc2f40dc2b92f0eba0    ......   ......
(1)对测试用例的等价类进行划分:(1) Divide the equivalence classes of the test cases: 本着等价类划分的原则,将表1中的测试用例等价类划分为三个,分别是:输入为空字符;输入只有一个字符和输入有多个字符;Based on the principle of equivalence class division, the test case equivalence classes in Table 1 are divided into three, namely: the input is an empty character; the input has only one character and the input has multiple characters; (2)从不同的领域中选取测试用例:(2) Select test cases from different fields: 从三个不同的测试用例等价类中分别选出一个测试用例:‘’;‘a’;‘abcdefghigklmn’;Select a test case from each of three different test case equivalence classes: ''; 'a'; 'abcdefghigklmn'; (3)进行测试用例的汇总;(3) Summary of test cases; 前述步骤(2)中选取的测试用例,可生成可用的且覆盖率高的测试用例,其结果如表2所示:The test cases selected in the aforementioned step (2) can generate available and high-coverage test cases, and the results are shown in Table 2: 表2经过化简的测试用例列表 Table 2 Simplified test case list   输入数据 Input data   输出数据 Output Data   ‘’''   7215ee9c7d9dc229d2921a40e899ec5f7215ee9c7d9dc229d2921a40e899ec5f   ‘a’'a'   0cc175b9c0f1b6a831c399e2697726610cc175b9c0f1b6a831c399e269772661   ‘abcdefghigklmn’'abcdefghigklmn'   5fdddbca10d5f9ff15178e1b3e86f2cb5fdddbca10d5f9ff15178e1b3e86f2cb
CN 201110059216 2011-03-11 2011-03-11 Z-specification-based test case generating method Pending CN102103539A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110059216 CN102103539A (en) 2011-03-11 2011-03-11 Z-specification-based test case generating method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110059216 CN102103539A (en) 2011-03-11 2011-03-11 Z-specification-based test case generating method

Publications (1)

Publication Number Publication Date
CN102103539A true CN102103539A (en) 2011-06-22

Family

ID=44156327

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110059216 Pending CN102103539A (en) 2011-03-11 2011-03-11 Z-specification-based test case generating method

Country Status (1)

Country Link
CN (1) CN102103539A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102508770A (en) * 2011-10-10 2012-06-20 南京大学 Test case suite amplification method based on self-adaption random testing of predicate
CN105183633A (en) * 2015-07-21 2015-12-23 浪潮电子信息产业股份有限公司 Method and system for generating test case
CN109614335A (en) * 2018-12-10 2019-04-12 艾瑞克·李 Module grey box behavior specification and grey box test case design method
CN114254326A (en) * 2021-12-13 2022-03-29 北京知道未来信息技术有限公司 exp availability verification method and device, electronic equipment and readable storage medium
CN116541854A (en) * 2023-07-06 2023-08-04 北京华云安信息技术有限公司 Vulnerability testing method and device, electronic equipment and storage medium
CN116756000A (en) * 2023-05-24 2023-09-15 浙江望安科技有限公司 Method for continuously integrating combined form verification

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101620566A (en) * 2009-07-23 2010-01-06 北京航空航天大学 Dynamic random testing method
CN101833505A (en) * 2010-04-30 2010-09-15 天津大学 A software system security defect detection method

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101620566A (en) * 2009-07-23 2010-01-06 北京航空航天大学 Dynamic random testing method
CN101833505A (en) * 2010-04-30 2010-09-15 天津大学 A software system security defect detection method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《应用科学学报》 20060731 朱彬等 Z规格说明的测试用例自动生成 第377-381页 1-3 第24卷, 第4期 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102508770A (en) * 2011-10-10 2012-06-20 南京大学 Test case suite amplification method based on self-adaption random testing of predicate
CN102508770B (en) * 2011-10-10 2015-02-11 南京大学 Test case suite amplification method based on self-adaption random testing of predicate
CN105183633A (en) * 2015-07-21 2015-12-23 浪潮电子信息产业股份有限公司 Method and system for generating test case
CN109614335A (en) * 2018-12-10 2019-04-12 艾瑞克·李 Module grey box behavior specification and grey box test case design method
CN109614335B (en) * 2018-12-10 2021-10-15 艾瑞克·李 Module ash box behavior specification description and ash box test case design method
CN114254326A (en) * 2021-12-13 2022-03-29 北京知道未来信息技术有限公司 exp availability verification method and device, electronic equipment and readable storage medium
CN114254326B (en) * 2021-12-13 2025-01-24 北京知道未来信息技术有限公司 exp availability verification method, device, electronic device and readable storage medium
CN116756000A (en) * 2023-05-24 2023-09-15 浙江望安科技有限公司 Method for continuously integrating combined form verification
CN116756000B (en) * 2023-05-24 2024-02-06 浙江望安科技有限公司 Method for continuously integrating combined form verification
CN116541854A (en) * 2023-07-06 2023-08-04 北京华云安信息技术有限公司 Vulnerability testing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
Li et al. Vuldeelocator: a deep learning-based fine-grained vulnerability detector
CN111460450B (en) Source code vulnerability detection method based on graph convolution network
Hooimeijer et al. A decision procedure for subset constraints over regular languages
CN103577168A (en) Test case creation system and method
CN111931181B (en) Software logic vulnerability detection method based on graph mining
CN108763064B (en) Code test generation method and device based on black box function and machine learning
CN110543356A (en) Abnormal task detection method, device, equipment and computer storage medium
CN102103539A (en) Z-specification-based test case generating method
Li et al. StateGuard: Detecting State Derailment Defects in Decentralized Exchange Smart Contract
CN115994363A (en) Blockchain security assessment method and device based on multi-dimensional security detection
CN112905370A (en) Topological graph generation method, anomaly detection method, device, equipment and storage medium
Zhang et al. How effective are they? Exploring large language model based fuzz driver generation
CN102819490A (en) Method and system for software testing based on given defect description information
Chen et al. Evaluating the effectiveness of deep learning models for foundational program analysis tasks
CN118113689B (en) A data quality analysis method and system
Zhang et al. Synthesis-Based Enhancement for GUI Test Case Migration
CN102681932A (en) Method for detecting processing correctness of software on abnormal input
Sun et al. MAF: method-anchored test fragmentation for test code plagiarism detection
Tiwari et al. Combining model-based testing and automated analysis of behavioural models using graphwalker and uppaal
Li Improving bug detection and fixing via code representation learning
Chi et al. Reaccept: Automated co-evolution of production and test code based on dynamic validation and large language models
CN101833505A (en) A software system security defect detection method
Wang et al. Smart Contract Timestamp Vulnerability Detection Based on Code Homogeneity
CN102902820A (en) Method and device for identifying database type
CN114090011A (en) Software development method convenient for developer to use

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110622